
Verified By CyPROS, Opti9 Observr Help Prevent Ransomware Attacks

Part of holistic security stack for enterprise organizations to protect backup infrastructure

Opti9 Technologies LLC announces the results of its cybersecurity validation assessment, conducted by CyPROS, a provider of penetration testing and threat protection services.


Opti9 engaged CyPROS to substantiate the effectiveness of its Observr product, a SaaS tool which detects the presence of attackers within organizations’ backup environments, helping to prevent an attack before it starts. CyPROS’ findings confirm the effectiveness of Observr, provide suggestions for how it can be effectively implemented by organizations to help detect and prevent attacks, and recommend feature enhancements for future versions.



According to the 2023 Global Report on Ransomware Trends from Veeam Software, 93% of ransomware attacks specifically target backup data and infrastructure to destroy any possible recovery capabilities before initiating the attack, increasing the likelihood of securing a ransom payment. Observr by Opti9 is an anomaly detection service that integrates with Veeam, the #1 Data Replication and Protection Software WW, and was built to address this and other threats. Observr utilizes ML to baseline, monitor, and identify suspicious activity within the backup infrastructure. In doing so, it can detect the presence of an attacker within the backup infrastructure attempting to modify and destroy recovery options, helping organizations stop an attack before it starts.

The results of the validation assessment conducted by CyPROS are published in a report titled Thwart Cyberthreats: Evaluation Report of the Opti9 Observr. The report summarizes its findings and recommendations from multiple scenarios conducted in January and February 2023. During that period, CyPROS’ team of elite white hat hackers mimicked attack workflows and techniques known to be employed by bad actors. The test scenario included common deployments of Veeam Backup & Replication software typical of enterprise environments. Among other things, CyPROS confirmed that in-line change-rate based detection, such as that being added to some backup products, is ineffective at identifying ransomware in progress. Furthermore, it is a reactive alarm, only notifying an organization after its systems have started to be infected. Instead, focusing on the backup control-plane is a far more effective means to detect activities that typically precede the attack.

“Backup environments themselves are a new attack surface under the microscope of nefarious actors. Organizations have a false sense of security related to their ability to recover from Ransomware and other attacks,” said Sagi Brody, CTO, Opti9. “By focusing on this exposure point, and providing threat detection capabilities that can be ingested by common SIEM & MDR platforms, Observr bridges the gap between BCDR and security teams, yielding higher levels of resilience.”

CyPROS’ report identifies Opti9’s Observr as the only product on the market that they know of that specifically focuses on the backup environment itself, an emerging attack vector. CyPROS confirmed functionality of Observr’s threat detection capabilities, including suspicious deletion events, job modification, retention modifications, job deletion, and many others. Additionally, CyPROS provided the company with a list of additional activities to monitor as part of its threat detection engine to provide additional granularity.

These enhancements and others are slated to be released as part of Observr v1.1, later this year.

Resource:
Download CyPROS report, recommending the Observr solution for global enterprise businesses.
